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DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/16! 


SECURITY OF FOREIGN INTELLIGENCE IN Fi Hi te 
DATA PROCESSING SYSTEMS ae NETW Wil iL 


a * (Effective 6 June 1978) rll F le 2c © , (ae. 
Pursuant to Section 102 of the National Security Act of 1947, Executive tess Vo 


12036, and National Security Council Intelligence Directives, and in order to ensure 
uniform protection of classified foreign intelligence, and foreign counterintelligence * 
involving sensitive intelligence sources and methods, processed and/or stored in 
Automated Data Processing (ADP) systems and networks, minimum security require 
ments are hereby established. 


The diversity and complexity of such computer systems now in place in the 
Community and those already designed for future placement may not provide for 
compliance with the requirements of the directive in their entirety. Recognizing both 
the validity of the requirements and the difficulty involved in their application to 
currently installed and already designed ADP systems, the extent to which the 
exceptions to this Directive are applied to such systems is Jeft to the determination of 
each National Foreign intelligence Board (NFIB) member in view of his ultimate 
responsibility for the protection of intelligence information. 

l. Applicability 

This Directive shall apply to NFIB member agencies and all other United States 
Government departments and agencies which process and/or store intelligence 
information in ADP systems and networks. It shall apply equally when ADP systetns 


and networks are owned and/or operated by the United States Government or by its 
contractors or consultants. 


2. Resnonsibilities 


Each NFIB member or his designee is responsible for ensuring compliance by his 


respective organization and any other organization for which he has security | 


responsibility with the provisions of this Directive and the attached Computer 
Security Regulation. The NFIB member or his designee may delegate this responsibil- 
ity as he deems appropriate except only the NFIB member may accredit an ADP 
system or network for operation in the Compartmented Mode. 


8. Policy 


A formal ADP security program shall be established and maintained to ensure 
that intelligence information processed and/or stored by ADP systems and networks is 


‘Supersedes DCID 1/16, effective 18 May 1976. 
* Foreign intelligence and foreign counterintelligence are used in this Directive as defined in Section 4, 
Executive Order 12035, and as classified under the provisions of Executive Order 11652. For the puraase of 
this Directive, the term “intelligence information” shail include both foreign intelligence and fereiga 
counterintelligence as so defined. ; 
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adequately protected. The minimum secucity requirements for the allowed meazdes of 


operation of ADP systems and networks are contained in the uae Computer 
Security Regulation. Additional ADP security measures and capabilities may be 
established if deemed appropriate. ADP systems involving foreiun governments shall 
be addressed on a case-by-case basis by the NFIB members involved. 


4. Exceptions 


a. This Directive shall not apply to the ADP systems or networks that are used 
exclusively for telecommunications services. Such systems or networks are 
controlled by pertinent national policies and regulations. 


b. The NFIB member or his designee may temporarily exempt specific ADP 
systems under his jurisdiction from complete compliance with this Directive and 


attached Regulation when such compliance would significantly impair the’ 


execution of his mission. Chapter III of the attached Regulation governs whea 
the ADP systen: being exempted is part of an ADP network as defined therein. 
An exemption shall be granted only when the NFIB member or his designee is 
confident that the other security measures in effect will adequately protect the 
intelligence information being processed. The NFIB member or his designee 


granting an exception shall strive for the earliest feasible attainment of complete . 


compliance. No exception shall be granted which would allow personnel with less 

than a TOP SECRET clearance based on @ background investigation to access an 
ADP system or network which contains Sensitive Compartmented information 
iscne ; 


e. Nothing in this Directive or the Computer Security Regulation shall 
supersede or augment the requirements on the control, use, and dissernination of 
‘Restricted Data, Formerly Restricted Data, or Cormmunicatians Security 
(COMSEC) related material as established by or under existing statutes, direc- 
. tives, or Presidential policy. 


The term “Sensitive Comoastmented Infermation” as used in this Directive is intended to include all 
infermation and cateria!s beacing special Community controls indicating restricted handling within present 
aad fiture Community intelisence collection programs and their end products for which Community 
systems of compartmentation have been or will be formally established. 


STANSFIELD TURNER 
_ Director of Central fatelligence 
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CHAPTER I 


Introduction 


1.1. Director of Central Intelligence Directive No. 1/16 (DCID 1°16) requires 
National Foreign Intelligence Board (NFIB) member agencies and all other United 
States Government departments and agencies processing and/or storing intelligence 
information in ADP systems and networks to establish and maintain a formal ADP 
Security Program to énsure adequate protection of intelligence information. This 
Regulation is promulgated to establish the minimum security requirements for the 
allowed operating modes of an ADP system or network as defined in Chapters II and 
Il. ADP security programs shall be based on the provisions of this Reeulsiien and 
DCID 1/16. 


12. All ADP systems and networks, not exempted in DCID 1/16, aroeeiine sae ae 


storing intelligence inforrnation must meet the requirements prescribed in Chapters If 
and IIf of this Regulation. Accreditation, as prescribed herein, is required for the 

operation of each ADP systern and network. The accreditation is contingent upon the 
results of a recurring review, testing, and favorable evaluation of employed security 
features. These security features shall include hardware/software features, operating 
procedures, accountability procedures, access controls, management constraints, phys- 
ical structures, and appt opciate Communications Security (COMSEC: measures to 
provide minimum security protection for intelligence information processed and or 
stored by the ADP system or network. 


1.5. An Information System Security Officer (ISSO) shall be appointed for each 
ADP systera processing and/or storing intelligence information. An ISSO may serve 
for more than one system. Duties and responsibilities of the ISSO are specified in 
Chapters IT and TIL 


1.4. The NFIEB member or his designee responsible for the management of an ADP 
network shall appoint a Network Security Officer (NSO). Duties and responsibilities of 
the NSO are specified in Chapter III of this Regulation. 
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CHAPTER Il 


Modes of Operation and Minimum Security Requirements for Processing 
ond/or Storing Intelligence Information in ADP Systems 


Three modes of operation of an ADP system are allowed for the processing and/or 
storing of intelligence information. They are: {a} Dedicated Mode; (b) System Fligh 
Mode; and (c) Compartmented Mode. The minimum security requirements for each 
mode of operation are contained in this Chapter. Chapter II identifies the require~ 
ments for ADP networks which are formed by the interconnection of ADP Systems 
operating in‘ any of these allowed modes. 


IL1. General security requirements for ADP systems processing end/or storing 
intelligence information. 


IL la. Information Systems Security Officer. Each NFIB member or his designee 


shall provide for the appointment of an Information System Security Officer (ISSO). tt 
is desirable for an ISSO to be responsible for only one system; however, he may be 
responsible for more than one. The ISSO is specifically responsible for ensuring 
continued compliance with the requirements set forth in this Regulation, providing 
system accreditation statements, reporting major security deficiencies in system 

operation to the NFIB member or his designee, and monitoring any changes in system 
operation that may affect the security status of the total system. 


ILib. Communicctions Links. The communications links between all components 


” _ of the ADP system shall be secured in accordance with appropriate directives for the 


highest classification of infarmation designated for transmission: 


Ile. Emenaiions Security Aspects. The vulnerability of systern operations to 
exploitation through campromising emanations shall be determined in the process of 
system accreditation. Evaluation of the risks associated with the central computer 
facility and the remote terminal areas and application of control measures shall be in 
accordance with appronriate directives. 


IL. 1d. Individual Security Responsibilities. All users of the system shall be briefed 


on the need for exercising sound security practices in protecting the information 
processed and/or stored in the system, including all input and output. Users shall be 
informed of the security mode in which the system is operating and that the receipt of 
any information not specifically requested shall be reported immediately to the ISSO, 
or his designee. : 


Il.Le. Administrative Approvals. Administrative approvals (not requiring substan- 
tive briefings) may be used to grant persons access to the central computer facility and 
remote terminal.areas when such persons do not require access to the intelligence 
information processed and/or stored in the system. 


I.2. Modes of Operation and Minimum Security Requirements * 


i.2.a. Dedicated Mode 


If.2.a(2) Intelligence information may be processed and/or stored in an ADP 
system operating in the Dedicated Mode; that is, the system is specifically and 
exclusively dedicated to, and controlled for, the processing of that one particular type 


t 
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IL.2.a(2) Accreditation Process. The NE{B member or his designee can accredit an 
ADP system operating in the Dedicated Mode after receiving written assurance from 
the computer system manager and the responsible ISSO that the ADP system meets 
the minimum security requirements for this mode as outlined below. 


11.2.a(3) Personnel Security. All unescorted personnel yequiring access ta the 
central computer facility or any remote terminal shall have a valid security clearance _ 
and formal access approval for the one particular type of intelligence information 
contained within the ADP system. 


1f.2.0(4} Physical Security. The central computer facility and any remote terminals 
connected to-it shall be secured in a manner commensurate with the classification and . 
control caveats of the one type of intelligence information contained in the system. 


If.2.a(5) System. All peripheral devices not dedicated for use in the processing of 
the specific type of intelligence information shall be disconnected from the system in 
an approved manner. A controlled copy of the operating system shall be used to 
initialize an ADP system for processing TOP SECRET intelligence information or 
Sensitive Compartrnented Information (SCI). 


W2.a(6) Termination of Dedicated Mode Operation. On changing from Dedicated 
Mode operation, 2!l intelligence information and the media used in its processing 
and/or storing shall be secured or sanitized in an approved manner. An ADP system 
which has operated in the Dedicated Mode may then be returned to its original or 
different mode, as approsriate. 


We 2b. System High Mece 


 WE2.b01): Intel teence information may be processed and/or stored in an ADP 
system operatieg in the System High Mode; that is, the system is operating with 
security measures commensurate with the highest classification and sensitivity of the 
information being processed and/or stored, 


In2.b(2} Aceredite Hon Process. The NFIB member or his designee can accredit an 
ADP system operating In the Systera High Mode after receiving written assucance 
from the computer system manager and the responsible ISSO that the ADP system 
meets the minimum security requirements for this mode as outlined below. 


11.2.513) Personnel Security. All unescorted personnel requiring access to the 
central computer Facility or any remote terminal shall have a valid security clearance ° 
and formal access approvals for all deta processed and/or stored in the ADP system. 
Unescorted personnel do not automatically have authorization to see.or use all-of the 
data processed and/or stored in the system. Need-to-know criteria shall apply. 


IL2:b(4) Physica! Security. The central computer and remote terminal facilities 
shall be secured in a mannet commensurate with the highest classification and . 
sensitivity of information contained in the system. 


1L2.b(5) System. 


IL2.b(5)(a) All terminals and peripheral devices not designated for, use in the 
current System High Mode of operation shall be disconnected from the system in an 
approved manner. 


* Definition as set forth in DCID 3/16. 
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y the system. oystem controls shall be in conformity with those required for the 
protection of the most sensitive information being processed and/or stored in the 
system. System controls shall consist of software, hardware, and/or other appropriate 
measures designed to validate the identity and file access authority of the system users. 


, IL.2.b(5)(c) Security classification and other required control caveats shall be - 
identified with the information and programs in the system, and appropriate labeling 
of the output shall be ensured. ; 


11.2.b(6) Audit Trails. Each system shall produce, in a secure manner, an audit trait 
containing sufficient information to permit the ISSO to perform a regular security 
_ review of system activity. . "3 


I1.2.b(7) Termination of System High Mode Operation. On changing from System 
High Mode operation, all intelligence information and the media used in its processing . 
and/or storage shall be secured or sanitized in an approved manner. An ADP system 
which has operated in the System High Mode may then be returned to its original or 
different mode, as appropriate. 


Ih20. Compartmented Mode 


W1.2.c(1) SCI may be processed and/or stored in an ADP system operating in the 
Compartmented Mode; that is, the system is processing two or more types of SCI, or 
any one type of SCI with other than SCI, and system access is secured to at least the 
TOP SECRET level, but all system users need not necessarily be formally authorized 
access to all types of SCI being processed and/or stored in the system. 


Tl.2.c(2) Accreditetion Process 


T1.2.c(2)(a) Only the NFIB member can accredit an ADP system for operating in 
the Cornpartmented Mode. ef 


M.2.c{2b) The accreditation will be based upon the results of a security analysis, 
test, and evaluation to assure that the ADP system meets the minimum security 
requirements for this mode as outlined below. The ISSO will ensure that the security 
analysis, test, and evaluation is carried out and the results reported along with his 
recommendations to the NFIB member. 


¥1.2.c(3) Personnel Security 


H.2.c(8)(a) All unescorted personnel requiring access to the central computer 
facility shall havea valid TOP SECRET clearance? and formal access approvals For all 
data processed and/or stored in the ADP system. Need-to-know criteria shall apply. 


IL.2.c(3)(b) All unescorted personnel requiring access to any remote terminal 
facility shall have a valid TOP SECRET clearance * and formal access approvals for all 
data designated for input/output at that terminal facility: Need-to-know criteria shall 
apply. _ 


IL2.c(4) Physical Security 


IL.2.c(4)(a) The central computer facility shall be secured in a mannet commensu- 
rate with the handling of TOP SECRET material and the most sensitive intelligence 
information contained in the facility. 


*Such clearance must have been granted based on investigative requirements of DCID i/ts. 
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W.2.c(4)(b) Each remote terminal trea will be secured in a manner commensurate 

with the handling ef TOP SECRET material and the most sensitive intelligeace 
information, if any, desigaated for input/output at that terminal facility, 


"-1L.2.c(5) System. The ADP system through 2 combination of hardware and software 
capabilities shall provide the requisite protection for intelligerice information proc- 
essed and/or stored by it. Systems not presently equipped with the required 
hardware/software security capabilities prescribed below must compensate for the 
lack thereof by the implementation of other security measures or procedures which 


afford the sare degree of protection. 


HL2.c(5){a} All terminal and peripheral devices not designated for use in the current 
Compartmented Mode of operation shall be disconnected from the system in an 
approved mannet, : , 


eS eg 


IL.2¢(5\b)- Authentication of remote tecrainals and personne} shall be performed 


by the system. System controls shall be in conformity with those required for the 
protection of the most sensitive information being processed and/or stored in the 
system. System controls shall consist of software, hardware, and/or other appropriate 
measures designed to validate the identity and file access authority of the systens users. 


H1.2.c(5)(c) Security classification and other required control caveats shall be 
identified with the information and programs in the system, and appropriate labeling 
of the cutput shall be ensured. 


IL2ci5\d). Memery Access. System hardware/software features shall exercise 
control over the memery locztions to which a user program has access. 


IL2.c{5e) Privileged Instructions, The system shall utilize a special class or subset 
of instructions to perform end control all input/output operations and changes to 
remozy. boundaries, execution state variables, data elements or tables, and files of the 
operating systent, The operating system alone shall execute these instructions or 
provide access to them. 


IL2c(3)K6) Verified Response. Machine instructions/operation eades, both privi- 

- leged and user, with all possible tags or modifiers, whether legal or not, shall be 

designed and tested to produce results in a predefined set of responses by the 
computer hardware/firmware. 


IL2.c{5X¢) Read, Write, and Execute Privileges. The systern shall enforce the read, 
write, and execute privileges of a user with respect to any given file. 


IL2.c{5Xh) Separction af User/Privileged Modes of Operation. The user and. 
privileged modes of system operation shall be separated so that a progrant operating in - 
user mode is prevented from unauthorized utilization of privileged fuinctions. Controls 


shall be implemented to maintain continued separation of these mocles. 


Ih.2c(S){i) Residue Clear-out. Measures shall be implemented to ensure that 
residue from terminated user programs are cleared before memory and on-line storage 
devices’ locations are released by the system for use by another user program. 


- . > . ‘ = 
I].2.c(5)i) Over-the-Counter Access Control. Effective controls shall be imple- 
mented to lirait over-the-counter (batch) users to authorized access to inforniation and 
programs, as well as to control read and/or write access authorizations. 


I.2.c{6) Audit Trails. Each system shall produce, in a secure rmanner, an audit trail 
containing sufficient information to permit the. ISSO tu perform a regular security 
review of system activity. a 


Approved For Release 2005/08/24¢ CIA-RDP87B01034R000500150036-6 


CONFIDENTIAL 


4 


~e 


IL2.c(7) Termination of Compartmented Mode Operstion. On chansi 
Approved Per Relies 2005/08/24I! GLAHRARS ARQ 
its processing and/or storing shall be seeured or sanit 


ing fran 
14349 Q0999150086 
ADP system which has operated in the Cornpartmented Mode rnay t 


Bred in 
ized in an approved manusr An 
to its original or different mode, as appropriate. 


hen be returned 


7 
CONFIDENTIAL 


No 159 
Approved For Release 2005/08/24 : CIA-RDP87B01034R000500150036-6 _. 


Approved For Release 2005/08/24 : CIA-RDP87B01034R000500150036-6 


MISSING PAGE 


ORIGINAL DOCUMENT MISSING PAGE(S): 


Approved For Release 2005/08/24 : CIA-RDP87B01034R000500150036-6 


|—-__——_—____-—__-———-—- 


[—- ADP System —— }-—— Telecommunications ay | a AT 


Approved For Release 2005/08/24 : CIA-RDP87B01034R000500150036-6 
CHAPTER Ill 


ADP. Networks 


HL1. Definition 


IIL.1.a, For the purpose of this regulation and implementation of DCID 1/16, an 
ADP network is defined as the interconnection of bvo or more ADP systems that 
operate in any of the modes defined in Chapter Il. The ADP network consists of the 
components (central computer facility, remote terminals, and interconnecting com- 
munications links) of the various ADP systems, front-end processors, and telecom- 
munications. This Regulation shall not apply to the individual ADP systems, if any 
(e.g., CS in Figure }), that make up the telecommunications; these are controlled by 
pertinent national policies and regulations. 


IIL2.b. There are numerous ways in which ADP systems operating in any of the 
modes defined in Chapter If can be interconnected to form an ADP network. 
However, most of these combinations will increase the miniraum security require 
ments of the individual ADP systems-since their original operating modes cannot be 
maintained when they become a part of a network (For example, when two 
Dedicated Mode ADP systems interconnect, they can continue to operate in the 
Dedicated Mode only if both ADP systems process the same classification and types of 
intelligence information. If this is not the case, their interconnection would require 
both systems to meet the requirements of operating in the System High Mode 
(Network High) or the Corapartmented Mode, depending on the classification and 


type of intelligence information to which each ADP system was originally dedicated.) - 


Therefore, each pronesed configuration of ADP systerns must be assessed to determine 
the appropriate mode cf operation (Dedicated, Network High, or Compartmented) 


for the resuliant network. Each ADP system in the network must be accredited for 
operation in the new mode when a change of operating mode is required. 


(FIGURE 1) 


~ Kemote Terasnal [——Resote Ter 


~ Central Computer Facility 

- Frone Und Processor ; 

~ Communications Computer or Switch (e.g., AUTOR) 
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ADP network: mode of operation are shown in Table t below. 
HE2. Responsibilities for ADP Network Security Administration 


IiL.2.a. Responsible Authorities. The authority, organization, or manager responsi- 
ble for the overall operation and control of the ADP network shall ensure that each 
ADP system which is a part of the network adheres to the security required by the 
current network configuration (see IIL1.b. and é above). The security measures shall 
be agreed to in writing by the ADP network authority and the ADP system authority 
and implemented before an ADP system is connected to the network. However, each 
NFIB member is the responsible security authority for his ADP system participating in 
the network, < xo 


IIL2b. Rernote Station Authority. Security requirements for remote terminals and 
peripheral devices of an ADP network shall be prescribed by the authority responsible 
for the security of the ADP network. In same cases, this may be a different NEIB 
member or designee than the terminal or device user. 


Hii2c. Exceptions. When an ADP syste becomes a part of an existing ADP 
network, approval of any temporary exceptions ta the network security requirements 
will require the written concurrence of the ADP system authority and the ADP 

_ hetwork authority. The ADP network authority will appzove the temporary exception 
only with the consensus of all the network participants. ; 


EL2.d. Security Anomalies. Each NFIB member or his designee is responsible for 
assuring that he is aware of any known system irregularities occurring within his ADP 
system. Any evidence indicating a possible violation of the security integrity or 
unexglainable phenomenon of the system shall be made known to the ISSO. The ISSO 


of 


. 


Table 1 
ADP System Mode(s) ADP Network Mode 
1. Allsystems are Gecionte to processing and/or storing thesametype 1. Dedicated 


of icteNigence information 


2. All systems are Dadicated * to same classification level but notsame 2. Network High > 
" type of intelligence information, and not SCL. 


8. Some systems are Dedicated * to same classification level andsameor 3. Network High > 
different type(s} of intelligence information end some systems are. ; 
System High st classification level of the Dedicated systerns, but not 

SCL. y 


4. Some systems are Dedicated * to TOP SECRET level and same or 4. Compartmented 
different types of intelligence information and some systems are 
Corapartmented, , 


5. All systems are Systera High to the same classification level ........ 5. Network Hizh® - 


6. Some systems are System high at TOP SECRET level and some: 6. Cornpartmented 
systems are Compartmented. ; 


wee: 
7. AID systems are Compartmented vic cccccseccossesscsecsscscsossssececccoscecccecessee 7. Compartmented 
8. Some systems are Dedicated to TOP SECRET level and same or 8. Compartmented 
different types of intelligence information, some systems and System v 
High at TOP SECRET level, and some systems are Compartmented. a 


"These systems, in effect, adopt the operating mode of the network and, therefore, must meet the 
minimum security requirements of that mode as expressed in Chapter IL. ‘ 

b Network High requires that all enescorted personnel having access to any of the ADP systems of the 
network must have formal access approvals for all data processed and/or stored by all of the ADP systems in 
the network. : = 
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owed by a written 


report as appropriate. The NSO shall determine the irapact on network security of any 
abnormalities of ADP system operation. Each NFIB member or his designee retains 
the prerogative of suspending his organization's operational participation in the 


network prior to any notification if he believes sufficient threat of compromise exists. 


Wil.2.e. ISSO Network Responsibilities. Each ADP system in an ADP network shall 
have a formally designated ISSO whose responsibilities are as follows: 


HE2.e(1) Advise and assist his NFIB member or designee on all physical, personnel, 
procedural, hardware 


/software, and communications security matters pertaining to 
the network. ; 


HI2.e(2) Coordinate with other ISSO’s 
network security-related activities as requir 


and the NSO in the administration of 
ed by this Regulation. , 
NL2Z Responsibilities and Functions of the NSO 


III.2.{(1) Coordinate the application of network security hardware/software (secu- 
rity labeling, audit trails, dissemination controls, etc.), physical/personnel security 
measures, Communications security, and administrative/procedural security measures 
within the ADP network. 


TIL.2.5(2) Investigate and resolve network security incidents and/or violations 
leading to or involving a potential compromise of classified information. 


Ii1.2.(3) Determine that network security requirements are met before an ADP 
system Is connected to the ADP network. 


VWE2EK4) Advise and assist the ADP network manager on studies, projects, tests and 
evaluations, and experiment 
A I 


iments which relate to the security of the ADP network. 


tWra 


IL2.£(5) Assist the net 


eee hee 


woTk manager in assuring that all ADP network participants 
adhere to the security requirements specified in this Regulation. 


aught 


Hii2.g. Reporting. All ADP system security-related incidents shall be reported by 


the ISSO to the NSO. The nature and extent of the report shall be based upon the 
security urgency of the event. 


IWh.2g(1) Routine Security Report. A routine security report shall be made of a 
system malfunction or security incident which has potential network security 


implications. The report shall include the following information: 
{IL.2.g(1)(a) NFIB member or his designee submitting the report. 
I.2.g(1)(b) The ADP system in which the abnormality occurred. 
HL2.g(1)(c}) Narrative description of the event. 


III.2.g(1){d) Date, time, location of event. 


I11.2.g(1e) Results of the ISSO’s internal investigation as to the cause of the 


abnormality and remedial actions taken, 


HIL.2.g(2) Special Security Reports. The ISSO shal! immediately notify the Network 


Security Officer of a system abnormality providing reason to suspect a covert violation 
of the security integrity of the ADP system or network. An initial written report 
covering the basic information provided in a routine security report shall be 
forwarded as soon as possible. The nature and extent of the reporting requirement 
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organizational counterintelligence investigation. 


W.2.¢(3) Evaluation and Analysis of Report. The NSO shall review all reports 
submitted for purposes of evaluating the security performance aspects of the netwark. 


Hil.2.¢{4) In the event a NFIB member or his designee takes exception to the 
content of, or actions required by, a security report, he shall appeal to the network 
authority who shall establish an ad hoc cormmittee of network participants to resolve 
the issue. 


IIL.3. Accreditation Process 


ItL.3.a, The authority, organization, or manager responsible for the averall opera- 
tion and contro} of the ADP network shall ricibei it in cooperation with the NFIB 
members participating in the ADP network 


HLS.b. For networks having raoultiple NFIB members dagen fon the overall 
operation and control of the ADP network, the accreditation shall be made jointly by 
these NFIB members. 


Ti.3.c. The NSO shall provide written assurance to the appropriate network 
authority(fes) that the ADP network meets the minimum ADP netwark security 
requirements as outlined below. E 


Iih.4. Minimum ADP Network Security Requirements 


Hihd.a. ADP System Security. Each ADP system must be accredited for operation 
in the appropriate network mode before becoming an active participant of the ADP 


network, This accreditation shall be based on the requirements outlined in Chapter IL. 


AD? system accreditation must be provided to the NSO. 
14>. Telecoramunications. The communtcations links between all components 
i e., ADP systems, set Figure 1) of an ADP network shall be secured in accordance 


et ¢ 


with appropriate diz ectives for the highest classification of informattorr designated for 
transmission. 


liL4.c. Emanations Security Aspects. The vulnerability of network operations to 
exploitation through compromising emanations shall be determined in the process of 
network accreditation. Evaluation of the risks associated with the individual ADP 
systems and their interconnections shall be accomplished in aceordance with appropri- 
ate directives. ; 


Ifi4.d. Network Components. All ADP systems, terminals, and peripheral devices. 


not designated for use in the current network mode of operation shall be disconnected 
from the ADP network in an approved manner. 


IlhL.4.e. Security Identification and Labeling. The security level of network users, 
remote sites, network programs, and files shall be‘identifiable. Specific classification 
level, common controls, procedures established by DCID 1/7, and SCI markings shall 
be identified. This identification shall be a primary factor in the monitoring and 
contro} of data transfers. Security classification and other control caves rts shall be 
identified with the network information and programs while in the ADP network. 
Appropriate labeling of any output from the network shall be ensured. | 


Ili.4.f. Access to Network Files. Each data file in the netivork shall een an Office 
of Primary Interest (OPI). The OPI as owner, manager, and controtler of the 
information in the file is responsible for file maintenance, file classification, and 
read/write access authorization of other network users of the file. A current list, by 
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‘A copy of this list RD 2 Drovic pat ‘) ev cognizant ISSO and 
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Iil.4.g. Network User Access Control. Each ADP system shall assure that a network 
user is confined within the bounds of that system’s files to which the user has beer 
.authorized access, and that the user can exercise only those privileges far which he has 


been authorized. A network user shall not be able to access or alter any of the network, 


security capabilities. 


lit.4.h. Netwark Programs. Network programs, such as log-in programs, file 
maintenance programs, and listing programs, shall perform network specific functicns 
which are prohibited to the ADP systems’ and users’ programs. However, network 
programs shall not have complete freedom and shall be given only the authority that is 
needed to accomplish the particular network functions. 


NIL4.i. Procedures, The security procedures established for the protection, and - 


operational security, of the network shall be coordinated among all participants by the 
Network Security Officer and administered by the ISSO of each ADP system in the 
network, 


1.4.3. Audit Trails. Security audit trails shall be generated by the ADP systerns in 


the network. This information shall be made available to the Network Security Officer 
to permit a regular security review of the network activity. In some instances a manual 
security audit may be watranted. 
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GLOSSARY. 


The following definitions apply to the terms used in the Computer Security 
Regulation. 


Access. The ability and the means to approach, communicate with (input to or 
receive output from), or otherwise make use of any material er component in an ADP 
system or network, 


Accreditation. A formal declaration by the responsible NFIB member or his 
designee, as appropriate, that the ADP system or hetwork provides an acceptable level 
of protection for processing and/or storing intelligence information. An accreditation 
should state the operating mode and other parameters peculiar to the ADP system or 
network being accredited. 


ADP System. The central computer facility and any remote processors, terminals, 
or other input/output/storage devices connected to it by communications links. 

enérally, all of the components of an ADP system will be under the authority of one - 
NFIB member or his designse. 


Authentication. A positive identification, with a degree of certainty sufficient for 
permitting certain rights or privileges to the person or thing positively identified, 


Central Computer Facility. One or more computers with their peripherals and 
Storage. units, central processing units, and communications equipment in a single 
coritralled area. This does net include remote computer facilities, peripheral devices, 
‘or terminals which are located outside the single controlled area even though they are 
' connected to the central computer facility by approved communication links. 


scort. Duly desiznated personnel who have appropriate clearances and access 
apcrovals for the materis! contained in the ADP system and are sufficiently 
knowledgeable te understand the security implications and to control the activities and 
access of the individual being escorted. 


Front End Processor. A computer associated with a host computer that performs 
pre-processing functions. It may perform line control, message handling, code 
conversion, error control, data control, data management, terminal handling, ete. (See 
Regulation, Chapter Il, Figure 1) 


Operating System (O/S). An integrated collection of service routines for supervising 
the sequencing and processing of programs by a computer. Operating systems control 
the allocation of resources to users and their Programs and play a central role in 
assuring the secure operation.of a computer system. Operating: systems may perform 
input/output, accounting, resource allocation, compilation, storage assignment tasks, 
and other system-related functions. 


Processing and/or Storing. All inclusive term used to include in addition to 
processing and storing such Functions as manipulating, deleting, modifying, editing, 
outputting, etc. : 
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